Information Security


Code execution via Intuit QuickBooks
Published: April 2, 2012
Source:
SecurityVulns ID: 12294
Type: client
Severity level: 5/10
Description: Code execution and memory corruption in the handling of the intu-help-qb5: protocol
Affected products: INTUIT : QuickBooks 2012
Original text: ds.adv.pub_(at)_gmail.com, Intuit Help System Protocol URL Heap Corruption and Memory Leak (02.04.2012)
 ds.adv.pub_(at)_gmail.com, Intuit Help System Protocol File Retrieval (02.04.2012)

DoS against PHP
Published: April 2, 2012
Source:
SecurityVulns ID: 12295
Type: library
Severity level: 5/10
Description: Resource exhaustion in the POSIX regular expression functions.
Affected products: PHP : PHP 5.3
 PHP : PHP 5.4
Original text: cxib_(at)_cxsecurity.com, PHP 5.4/5.3 deprecated eregi() memory_limit bypass (02.04.2012)

Multiple security vulnerabilities in McAfee Email and Web Security Appliance
Published: April 2, 2012
Source:
SecurityVulns ID: 12296
Type: remote
Severity level: 6/10
Description: Cross-site scripting, authentication bypass, session hijacking, privilege escalation, information leak, directory traversal.
Affected products: MCAFEE : McAfee Email and Web Security 5.6
 MCAFEE : McAfee Email Gateway 7.0
Original text: [email protected], NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user (02.04.2012)
 [email protected], NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked (02.04.2012)
 [email protected], NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI (02.04.2012)
 [email protected], NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators (02.04.2012)
 [email protected], NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts (02.04.2012)
 [email protected], NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens (02.04.2012)

Multiple security vulnerabilities in Cisco IOS
Published: April 2, 2012
Source:
SecurityVulns ID: 12298
Type: remote
Severity level: 7/10
Description: Multiple DoS conditions.
Affected products: CISCO : IOS 12.2
 CISCO : IOS 15.0
 CISCO : IOS 15.1
 CISCO : IOS 15.2
 CISCO : IOS XE 3.3
 CISCO : IOS XE 3.2
 CISCO : IOS XE 3.4
 CISCO : IOS XE 3.5
CVE: CVE-2012-1314 (The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.)
 CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226.)
 CVE-2012-1311 (The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643.)
 CVE-2012-0386 (The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064.)
 CVE-2012-0385 (The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051.)
 CVE-2012-0383 (Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326.)
 CVE-2012-0381 (The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429.)
Original text: CISCO, Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability (02.04.2012)
 CISCO, Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability (02.04.2012)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features (02.04.2012)
 CISCO, Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability (02.04.2012)
 CISCO, Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability (02.04.2012)
 CISCO, Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability (02.04.2012)

Buffer overflow in TrendNet SecurView ActiveX
Published: April 2, 2012
Source:
SecurityVulns ID: 12299
Type: client
Severity level: 5/10
Description: Buffer overflow in the UltraMJCam control
Affected products: TRENDNET : SecurView TV-IP121WN
Original text: rgod, TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow (02.04.2012)

Buffer overflows in Quest InTrust ActiveX
Published: April 2, 2012
Source:
SecurityVulns ID: 12300
Type: client
Severity level: 5/10
Description: Buffer overflows in the AnnotateX.dll and ArDoc.dll ActiveX
Affected products: QUEST : InTrust 10.4
Original text: rgod, Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability (02.04.2012)
 rgod, Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution (02.04.2012)

Buffer overflow in D-Link SecuriCam ActiveX
Published: April 2, 2012
Source:
SecurityVulns ID: 12301
Type: client
Severity level: 5/10
Description: Buffer overflow in the DcsCliCtrl.dll control
Affected products: DLINK : SecuriCam DCS-5605
Original text: rgod, D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability (02.04.2012)

Unauthorized access to HP-UX WBEM
Published: April 2, 2012
Source:
SecurityVulns ID: 12302
Type: remote
Severity level: 5/10
CVE: CVE-2012-0126 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125.)
 CVE-2012-0125 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126.)
Original text: HP, [security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data (02.04.2012)

Multiple security vulnerabilities in wireshark
Published: April 2, 2012
Source:
SecurityVulns ID: 12303
Type: remote
Severity level: 5/10
Description: DoS via the ANSI A, IEEE 802.11 and MP2T protocols.
Affected products: WIRESHARK : Wireshark 1.6
Original text: MANDRIVA, [ MDVSA-2012:042 ] wireshark (02.04.2012)

Security vulnerabilities in expat
Published: April 2, 2012
Source:
SecurityVulns ID: 12304
Type: library
Severity level: 5/10
Description: Memory leak, predictable hash function.
Affected products: EXPAT : expat 2.0
CVE: CVE-2012-1148 (Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.)
 CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.)
Original text: MANDRIVA, [ MDVSA-2012:041 ] expat (02.04.2012)

Security vulnerabilities in OpenSSL
Published: April 2, 2012
Source:
SecurityVulns ID: 12306
Type: remote
Severity level: 5/10
Description: DoS, CMS implementation issues.
Affected products: OPENSSL : OpenSSL 0.9
 OPENSSL : OpenSSL 1.0
CVE: CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.)
 CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.)
Original text: MANDRIVA, [ MDVSA-2012:038 ] openssl (02.04.2012)

Traffic amplification attacks in Quake 3 / ioquake3
Published: April 2, 2012
Source:
SecurityVulns ID: 12307
Type: library
Severity level: 5/10
Description: The source of the getstatus UDP message is not verified
Affected products: IOQUAKE : ioquake3 1.36
 OPENARENA : OpenArena 0.8
 WORLDOFPADMAN : World of Padman 1.5
 WORLDOFPADMAN : Tremulous 1.1
CVE: CVE-2010-5077 (server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.)
Original text: Simon McVittie, Traffic amplification via Quake 3-based servers (02.04.2012)

Security vulnerabilities in libzip
updated since March 25, 2012
Published: April 2, 2012
Source:
SecurityVulns ID: 12285
Type: library
Severity level: 6/10
Description: Buffer overflow and integer overflow when parsing zip
Affected products: LIBZIP : libzip 0.10
CVE: CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.)
 CVE-2012-1162 (Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct.")
Original text: Timo Warns, [PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip (02.04.2012)
 MANDRIVA, [ MDVSA-2012:034 ] libzip (25.03.2012)

Data injection in the raptor library / libreoffice / openoffice
updated since March 26, 2012
Published: April 2, 2012
Source:
SecurityVulns ID: 12287
Type: library
Severity level: 5/10
Description: File injection via XML is possible.
Affected products: RAPTOR : raptor 1.4
CVE: CVE-2012-0037 (Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.)
Original text: VSR Advisories, CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) (02.04.2012)
 DEBIAN, [SECURITY] [DSA 2438-1] raptor security update (26.03.2012)

Privilege escalation in VMWare
updated since April 2, 2012
Published: April 9, 2012
Source:
SecurityVulns ID: 12293
Type: local
Severity level: 7/10
Description: The emulated ROM can be manipulated through the backdoor interface.
Affected products: VMWARE : VMware Server 1.0
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware Server 2.0
 VMWARE : VMware Workstation 7.1
 VMWARE : VMware ESXi 4.1
CVE: CVE-2012-1515 (VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.)
Original text: VMWARE, VMSA-2012-0006 VMware ESXi and ESX address several security issues (09.04.2012)
 ds.adv.pub_(at)_gmail.com, VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation (02.04.2012)

Multiple security vulnerabilities in the Linux kernel
updated since April 2, 2012
Published: April 26, 2012
Source:
SecurityVulns ID: 12305
Type: local
Severity level: 6/10
Description: DoS, information leak, privilege escalation.
Affected products: LINUX : kernel 2.6
CVE: CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.)
 CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.)
 CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.)
 CVE-2012-1090 (The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.)
 CVE-2012-0879 (The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.)
 CVE-2012-0045 (The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.)
 CVE-2011-4347 (The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.)
 CVE-2011-3347 (A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets.)
 CVE-2011-1833 (Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.)
 CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).)
Original text: UBUNTU, [USN-1406-1] Linux kernel vulnerabilities (26.04.2012)
 DEBIAN, [SECURITY] [DSA 2443-1] linux-2.6 security update (02.04.2012)

Security vulnerabilities in HP Performance Manager
updated since April 2, 2012
Published: June 24, 2012
Source:
SecurityVulns ID: 12297
Type: remote
Severity level: 5/10
Description: Code execution, DoS.
Affected products: HP : HP Performance Manager 9.00
CVE: CVE-2012-0127 (Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.)
Original text: ZDI, ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability (24.06.2012)
 HP, [security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) (02.04.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod